Catbird and HyTrust have teamed up to deliver a product that provides front-end access and compliance control for well understood actions via HyTrust, for all other actions, including intrusions, Catbird Security provides compliance control, firewall, IDS, and IPS. In other words, proactive security via HyTrust and reactive security via Catbird.
, • • 0 Comments
With the release of vSphere 4.1, VMware has added to their Dynamic Resource Load Balancing (DRLB) suite of tools that I hinted at in my post on Dynamic Resource Load Balancing that I wrote last week as well as providing new memory over commit and other functionality. In essence, vSphere 4.1 is more than a point release, this update includes many features that aid in security, reliability, and is a direct response to customer requests.
Encryption is important, encryption within a VM even more important. But the question is how to do this securely without allowing the encryption keys to be seen by an administrator of the virtual environment and that supports vMotion or LiveMigration. The solution is per VM encrypted memory, but something more robust that makes use of hardware, out of band key exchange, and supports vMotion or LiveMigration.
During the Virtualization Security Podcast on 7/8, Vizioncore’s Thomas Bryant joined us to discuss the state of virtualization backup security and forensic use of such backups. In the world of virtualization, backups are performed mostly by 4 distinct vendors: VMware Data Recovery (VDR) and VMware Consolidated Backup (VCB), Vizioncore vRanger, Veeam, and PHD Virtual Backup for vSphere. Each of these provide the most basic of security capabilities:
* Encrypted tunnels for data movement (SSL)
* Encryption of the backup
But in the increasing global nature of businesses and the difference in privacy laws between townships, states, and the need for Secure Multi-Tenancy, backup companies fall short with their products while making it increasing harder to use backups as a source of forensically sound data.
During the Virtualization Security Podcast on 6/22, Steve Orrin of Intel and Dennis Morreau of RSA joined us to discuss the impact of Intel Westmere chips built-in Trusted Platform Module (TPM) and Trusted Execution Technology (TXT) on Cloud and Virtualization Security. TPM is not all that new, but TXT’s usage in virtualization security is new. Both together can form a hardware root of trust for the virtual environment.
At the moment however, these technologies are limited to just providing a secure launch of a well known hypervisor within the hardware. As such they have not been extended to the virtual machine. TXT however solves a very important issue that at the time the book VMware vSphere and Virtual Infrastructure Security was written had theoretical solutions, I speak of Blue Pill style attacks. There were rumors of Hyperguard or Guard Hype tools becoming available, but they are only research projects. TXT on the other hand, offers protection from Blue Pill style attacks.
Virtual Thoughts Podcast the Rebirth, Join us Tuesday 29th June @ 7:00pm (BST), 2:00pm (EST), 11:00am (PST)
In a recent document written by virtualization.info and Secure Network of Italy entitled Securing the Private Cloud several issues come to mind. While this is a good document on the availability front of virtualization security, I did not read anything that affected integrity or confidentiality. You cannot be secure if you ignore 2 of the 3 tenants of security.
There is nothing like fully understanding the protections inherent within your vNetwork and the Roles and Permissions you can set within the virtualization management tool suites to ensure your vNetwork is secured, audited, and monitored for issues. Just like you do now within the pNetwork. Unlike the pNetwork, the vNetwork provides a certain amount of introspection and capability that is missing from a pNetwork, and this will also help with security.
Can we use some of this Risky Social Behaviors post to aid us in finding an adequate definition for secure multi-tenancy? Perhaps more to the point it can define how we look at multi-tenancy today. On a recent VMware Communities podcast we were told two things that seem contradictory to current security thinking. The first is that going to the cloud reduces your risk, and the second was that the definition of the cloud must include multi-tenancy.